Load Balancing VMware Horizon Workspace

VMware Horizon Workspace provides a single environment for easy and secure access to applications, files and desktops from virtually any device. Consisting of multiple Virtual Appliances (VAs) deployed through vCenter, the comprehensive solution provides:

Cloud identity management

Centralized workspace for application and data access

Data leak prevention through separation of corporate and personal data

Internal and external secure file access and collaboration

Simplified administrative management of resource entitlement and policy control

All of KEMP’s LoadMaster load balancers, whether virtualized or not, support VMware Horizon Workspace by increasing application performance and removing single points of failure in the deployment. While there are many important components known as Virtual Appliances (VAs) included in VMware Workspace, two critical ones are the Gateway VAs and Connector VAs.

Horizon Gateway VAs serve as the single namespace for all Horizon Workspace interaction and enables a user-facing domain for access to the infrastructure. They receive, route and proxy user requests. Horizon Workspace requires one Gateway VA for every two Data VAs or 2,000 users. Horizon Connector VAs enables local user authentication, Active Directory binding and synchronization services along with ThinApp catalog loading and View pool synchronization. To provide high availability and improved scalability VMware recommends that multiple Gateway VAs and Connector VAs be placed in load balanced clusters. In fact, if you do not use a load balancer, it is impossible to expand the number of Gateway VAs that are deployed.

LoadMaster provides application health checking and session affinity for load balanced VAs to ensure that client traffic is only ever sent to healthy and available VAs, that clients maintain persistence with the correct instances and that the environment remains highly available. Additionally, LoadMaster supports the traffic manipulation required by Workspace to maintain requestor IP address information end-to-end as well as prevent unauthorized access to administrative directories, keeping the environment secure and performing properly.